Martin Towell wrote:

> 1. so you're trying to stop people from linking straight to your page?
> 2. or are you trying to stop them from using your code without 
> permission (on the same server)?
>   a. will others be able to see the source code?
>     i. if so, then what's to stop them from defining the constant 
> themselves?
>     ii. if not, this looks like a good way of doing it
> 


I could see how links in the url bar could get spoofed, but I have no 
idea how a form can.  I presented a question maybe last week about 
$HTTP_POST_VARS security or lack of, and one of the replies got me thinking.
I guess what I had in mind is along the lines of #2.  What I had in mind 
was that each install would have a different value for the constant.  So 
will others be able to see the source code? No, not unless the webserver 
becomes compromised...


> -----Original Message-----
> From: Gerard Samuel [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 15, 2002 11:31 AM
> To: Martin Towell
> Cc: PHP
> Subject: Re: [PHP] An idea...
> 
> 
> Quote from the php manual.
> "Once a constant is defined, it can never be changed or undefined."
> 
> I figure, since the constant is initialised in the script, it cannot be
> changed or undefined, then I can put my trust in it that it comes from
> the server and nowhere else....
> 
> Martin Towell wrote:
> 
>  > how is that going to increase security?
>  >
>  > -----Original Message-----
>  > From: Gerard Samuel [mailto:[EMAIL PROTECTED]]
>  > Sent: Tuesday, January 15, 2002 11:21 AM
>  > To: php
>  > Subject: [PHP] An idea...
>  >
>  >
>  > Just want to bounce this idea off you guys/gals.
>  > I'm looking to improve the security of my scripts.  Now let's say, I
>  > initialise the script with a constant in the main config file that all
>  > the pages access.  Then when I'm accepting data from a form or maybe even
>  >   a link I could do
>  >
>  > if (isset($HTTP_POST_VARS['foo']) && defined("CONSTANT")) {
>  >    // process data
>  > }
>  >
>  > Just an idea, what do you think..
>  > Thanks
>  >
>  >
>  > --
>  > PHP General Mailing List (http://www.php.net/)
>  > To unsubscribe, e-mail: [EMAIL PROTECTED]
>  > For additional commands, e-mail: [EMAIL PROTECTED]
>  > To contact the list administrators, e-mail: [EMAIL PROTECTED]
>  >
> 
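
An added example, not part of the original thread: it sets the proposed `defined()` check beside a per-session form token, to show which of the two can tell a POST from the site's own form apart from one sent from elsewhere. `INSTALL_KEY`, `constant_check()`, `issue_form_token()` and `is_trusted_post()` are hypothetical names, plain arrays stand in for `$_SESSION` and `$_POST` (the current form of `$HTTP_POST_VARS`), and PHP 7 or later is assumed for `random_bytes()`.

```php
<?php
// Added example, not code from the thread. All names here are hypothetical.

define('INSTALL_KEY', 'per-install-value'); // set once in the main config file

// The check proposed in the thread, with the POST data passed in as an array.
function constant_check(array $post): bool
{
    // defined() only reports that the config file ran during this request;
    // nothing the client sends can make it true or false.
    return isset($post['foo']) && defined('INSTALL_KEY');
}

// Issue a random token, remember it server-side, and embed it in the form.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(16));
    return $session['form_token'];
}

// Accept the POST only if it carries the token issued to this session.
function is_trusted_post(array $post, array $session): bool
{
    if (!isset($post['foo'], $post['token'], $session['form_token'])) {
        return false;
    }
    if (!is_string($post['token'])) {
        return false; // e.g. token[]=x arrives as an array, not a string
    }
    // Constant-time comparison of the stored and submitted tokens.
    return hash_equals($session['form_token'], $post['token']);
}

// Constructed sample requests (stand-ins for $_SESSION and $_POST).
$session       = [];
$token         = issue_form_token($session);
$fromOurForm   = ['foo' => 'bar', 'token' => $token];
$fromElsewhere = ['foo' => 'bar']; // submitted without loading our form

// The constant check gives the same answer for both requests.
var_dump(constant_check($fromOurForm), constant_check($fromElsewhere));
// The token check separates them.
var_dump(is_trusted_post($fromOurForm, $session));
var_dump(is_trusted_post($fromElsewhere, $session));
```

The constant check is still useful for a different job: placed at the top of an include file, it stops that file from doing work when requested directly instead of through the script that loads the config.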


